我编写了一个覆盖本机alert()方法的JavaScript代码。 我需要捕获包含alert()执行代码的HTML元素。 前两个案例就是例子。 我在console.log中打印了元素。
案例1 - 捕获<script>标记:
HTML: <script> alert(1); </script> <script> alert(1); </script>
JS:
window.alert = function() { console.log(document.currentScript); // <script> is printed }案例2 - 捕获<img>标签:
HTML: <img src='1' onerror="alert(1)">
JS:
window.alert = function() { console.log(arguments.callee.caller.arguments[0].target); // arguments.callee --> console.log() // arguments.callee.caller --> onerror(event) {} // arguments.callee.caller.arguments[0] --> event // arguments.callee.caller.arguments[0].target --> <img> }案例问题 - 捕获<a>标签:
HTML: <a href="javascript:alert(1);">Click here for alert</a>
JS:
window.alert = function() { console.log( // how to find <a> element) }请不要建议我通过包含<a>或类似的ID来修改HTML。 考虑到HTML纯粹是静态的,我不能修改任何东西。 我可以添加一个JavaScript,我只是不知道如何做到这一点。
I've written a JavaScript code which over-ride the native alert() method. I need to capture the HTML element which comprises the code of alert() execution. First two cases are examples. I have printed the elements in console.log.
Case 1 - Capturing the <script> tag:
HTML: <script> alert(1); </script>
JS:
window.alert = function() { console.log(document.currentScript); // <script> is printed }Case 2 - Capturing the <img> tag:
HTML: <img src='1' onerror="alert(1)">
JS:
window.alert = function() { console.log(arguments.callee.caller.arguments[0].target); // arguments.callee --> console.log() // arguments.callee.caller --> onerror(event) {} // arguments.callee.caller.arguments[0] --> event // arguments.callee.caller.arguments[0].target --> <img> }Case issue - Capturing the <a> tag:
HTML: <a href="javascript:alert(1);">Click here for alert</a>
JS:
window.alert = function() { console.log( // how to find <a> element) }Please don't suggest me to modify the HTML by including IDs for <a> or something similar. Consider that the HTML is purely static, and I can't modify anything. I can just add a JavaScript, and I just wan't to know how this can be done.
最满意答案
您可能能够找到此类警报并将其转换为单击事件。 像这样的东西。 请注意,单击事件警报调用可能会变得更加复杂,并且可能使用eval(),但我会留下您的风险。
window.alert = (function(){
var selected = document.querySelectorAll("a[href^='javascript:alert('");
Array.from(selected).forEach(function(item){
var old = item.href
item.addEventListener("click", function(){ alert(old.substring(11)); });
item.href="javascript:void(0);";
});
var _alert = function(msg) {
console.log(msg);
console.log(arguments.callee.caller.arguments[0].target);
};
return _alert;
})();
<a href="javascript:alert(1);">test</a>
You might be able to find such alerts and convert them to click events. Something like this. Note the click event alert call could be made much more sophisticated and potentially use eval(), but i leave that for you to risk.
window.alert = (function(){
var selected = document.querySelectorAll("a[href^='javascript:alert('");
Array.from(selected).forEach(function(item){
var old = item.href
item.addEventListener("click", function(){ alert(old.substring(11)); });
item.href="javascript:void(0);";
});
var _alert = function(msg) {
console.log(msg);
console.log(arguments.callee.caller.arguments[0].target);
};
return _alert;
})();
<a href="javascript:alert(1);">test</a>
更多推荐
HTML,alert,<a>,console,JavaScript,电脑培训,计算机培训,IT培训"/> <meta
发布评论